Cyber Governance Risk and Compliance Administrator
Posted 11 hours 37 minutes ago by Open GI Limited
Permanent
Worcestershire, Worcester, United Kingdom, WR1 1
Job Description
An overview of the role 
The Cyber GRC Administrator will support the day-to-day operation of the Information Security Management System (ISMS) and the internal audit programme, helping the business maintain its security posture and compliance obligations across ISO 27001, PCI DSS, and DORA.
Your key responsibilities
- Maintain the ISMS on a day-to-day basis, including policy and procedure document control, version management, and review cycles.
- Plan, schedule, and conduct internal audits against ISO 27001 and other applicable frameworks; document findings and track corrective actions to closure.
- Maintain the risk register, supporting risk owners with assessments, treatment plans, and periodic reviews.
- Collect and maintain evidence to support certification audits, customer assurance requests, and regulatory obligations.
- Coordinate management review meetings, prepare reports and metrics, and minute outcomes.
- Support supplier and third-party risk activities, including questionnaire issuance and review.
- Help deliver the security awareness and training programme, tracking completion and exceptions.
- Act as a first point of contact for ISMS-related queries from across the business.